Dominique Leuenberger
0f6d927399
- Update to version 1.0.6:
* This release fixes an issue that lets system-wide installed
applications create setuid root files inside their app dir
(somewhere in /var/lib/flatpak/app). Setuid support is disabled
inside flatpaks, so such files are only a risk if the user runs
them manually outside flatpak. Installing a flatpak system-wide
needs root access, so this isn't a privilege elevation for
non-root users.
* The permissions of the files created by the apply_extra script is
canonicalized and the script itself is run without any capabilities.
* Better matching of existing remotes when the local and remote configuration
differs wrt collection ids.
* New flatpakrepo DeployCollectionID replaces CollectionID, doing the
same thing. It is recommended to use this instead because older versions
of flatpak has bugs in the support of collection ids, and this key
will only be respected in versions where it works.
* The X11 socket is now mounted read-only.
- Mark flatpak.sh as %config and move the systemhelper dbus config
file under /usr
- Remove the flatpak-rpmlintrc file that is no longer needed.
- Make polkit_rules_usability.patch effective by adding a 60- prefix
to the rules file. This will cause it to be executed before the
OBS-URL: https://build.opensuse.org/request/show/657831
OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/flatpak?expand=0&rev=65
220 lines
7.4 KiB
RPMSpec
220 lines
7.4 KiB
RPMSpec
#
|
|
# spec file for package flatpak
|
|
#
|
|
# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
|
|
#
|
|
# All modifications and additions to the file contributed by third parties
|
|
# remain the property of their copyright owners, unless otherwise agreed
|
|
# upon. The license for this file, and modifications and additions to the
|
|
# file, is the same license as for the pristine package itself (unless the
|
|
# license for the pristine package is not an Open Source License, in which
|
|
# case the license is the MIT License). An "Open Source License" is a
|
|
# license that conforms to the Open Source Definition (Version 1.9)
|
|
# published by the Open Source Initiative.
|
|
|
|
# Please submit bugfixes or comments via https://bugs.opensuse.org/
|
|
#
|
|
|
|
|
|
%define libname libflatpak0
|
|
Name: flatpak
|
|
Version: 1.0.6
|
|
Release: 0
|
|
Summary: OSTree based application bundles management
|
|
License: LGPL-2.1-or-later
|
|
Group: System/Packages
|
|
URL: https://flatpak.github.io/
|
|
Source: %{name}-%{version}.tar.xz
|
|
Patch0: polkit_rules_usability.patch
|
|
BuildRequires: bison
|
|
BuildRequires: bubblewrap >= 0.2.1
|
|
BuildRequires: docbook-xsl-stylesheets
|
|
BuildRequires: gtk-doc
|
|
BuildRequires: intltool >= 0.35.0
|
|
BuildRequires: libcap-devel
|
|
BuildRequires: libdwarf-devel
|
|
BuildRequires: libqgpgme-devel >= 1.1.8
|
|
BuildRequires: libtool
|
|
BuildRequires: pkgconfig
|
|
BuildRequires: xsltproc
|
|
BuildRequires: pkgconfig(appstream-glib)
|
|
BuildRequires: pkgconfig(fuse)
|
|
BuildRequires: pkgconfig(gio-2.0)
|
|
BuildRequires: pkgconfig(gio-unix-2.0)
|
|
BuildRequires: pkgconfig(glib-2.0) >= 2.44
|
|
BuildRequires: pkgconfig(gobject-introspection-1.0) >= 1.40.0
|
|
BuildRequires: pkgconfig(gobject-introspection-no-export-1.0) >= 1.40.0
|
|
BuildRequires: pkgconfig(json-glib-1.0)
|
|
BuildRequires: pkgconfig(libarchive) >= 2.8.0
|
|
BuildRequires: pkgconfig(libelf) >= 0.8.12
|
|
BuildRequires: pkgconfig(libseccomp)
|
|
BuildRequires: pkgconfig(libsoup-2.4)
|
|
BuildRequires: pkgconfig(ostree-1) >= 2018.7
|
|
BuildRequires: pkgconfig(polkit-gobject-1)
|
|
BuildRequires: pkgconfig(xau)
|
|
Requires: %{libname} = %{version}
|
|
Requires: bubblewrap >= 0.2.1
|
|
Requires: ostree >= 2018.7
|
|
Requires: xdg-desktop-portal >= 0.10
|
|
Recommends: %{name}-lang = %{version}
|
|
# Remove after openSUSE Leap 42 is out of scope
|
|
Provides: xdg-app = %{version}
|
|
Obsoletes: xdg-app < %{version}
|
|
%{?systemd_requires}
|
|
|
|
%description
|
|
flatpak is a system for building, distributing and running sandboxed desktop
|
|
applications on Linux. See https://wiki.gnome.org/Projects/SandboxedApps for
|
|
more information.
|
|
|
|
%package -n %{libname}
|
|
Summary: OSTree based application bundle management library
|
|
Group: System/Libraries
|
|
|
|
%description -n %{libname}
|
|
flatpak is a system for building, distributing and running sandboxed desktop
|
|
applications on Linux. See https://wiki.gnome.org/Projects/SandboxedApps for
|
|
more information.
|
|
|
|
%package -n typelib-1_0-Flatpak-1_0
|
|
Summary: Introspection bindings for the flatpak library
|
|
Group: System/Libraries
|
|
|
|
%description -n typelib-1_0-Flatpak-1_0
|
|
flatpak is a system for building, distributing and running sandboxed desktop
|
|
applications on Linux. See https://wiki.gnome.org/Projects/SandboxedApps for
|
|
more information.
|
|
|
|
%package zsh-completion
|
|
Summary: Zsh tab-completion for flatpak
|
|
Group: System/Shells
|
|
Supplements: packageand(%{name}:%(rpm -q --qf '%%{NAME}' --whatprovides zsh))
|
|
|
|
%description zsh-completion
|
|
flatpak is a system for building, distributing and running sandboxed desktop
|
|
applications on Linux. See https://wiki.gnome.org/Projects/SandboxedApps for
|
|
more information.
|
|
|
|
This package provides zsh tab-completion for flatpak.
|
|
|
|
%package devel
|
|
Summary: Development files for the flatpak library
|
|
Group: Development/Languages/C and C++
|
|
Requires: %{libname} = %{version}
|
|
Requires: %{name} = %{version}
|
|
Requires: typelib-1_0-Flatpak-1_0 = %{version}
|
|
|
|
%description devel
|
|
flatpak is a system for building, distributing and running sandboxed desktop
|
|
applications on Linux. See https://wiki.gnome.org/Projects/SandboxedApps for
|
|
more information.
|
|
|
|
%lang_package
|
|
|
|
%prep
|
|
%setup -q
|
|
%patch0 -p1
|
|
sed -i -e '1s,#!%{_bindir}/env python3,#!%{_bindir}/python3,' scripts/flatpak-*
|
|
|
|
%build
|
|
NOCONFIGURE=1 ./autogen.sh
|
|
%configure \
|
|
--disable-silent-rules \
|
|
--enable-gtk-doc \
|
|
--disable-document-portal \
|
|
--with-system-bubblewrap \
|
|
--with-priv-mode=none \
|
|
--with-dbus-config-dir=%{_datadir}/dbus-1/system.d
|
|
make %{?_smp_mflags}
|
|
|
|
%install
|
|
%make_install
|
|
find %{buildroot} -type f -name "*.la" -delete -print
|
|
mkdir -p %{buildroot}%{_sbindir}
|
|
ln -s service %{buildroot}%{_sbindir}/rcflatpak-system-helper
|
|
# add a 60- prefix to the rules file, otherwise it is not effective, because
|
|
# /etc/polkit-1/rules.d/90-default-privs.rules is executed first and if no
|
|
# polkit-default-privs rule grants access then an explicit reject is the
|
|
# result. This should fix bsc#984817, granting members of group wheel access
|
|
# w/o password entry.
|
|
mv %{buildroot}/%{_datadir}/polkit-1/rules.d/{,60-}org.freedesktop.Flatpak.rules
|
|
|
|
%find_lang %{name}
|
|
|
|
%post -n %{libname} -p /sbin/ldconfig
|
|
%postun -n %{libname} -p /sbin/ldconfig
|
|
%pre
|
|
%service_add_pre flatpak-system-helper.service
|
|
|
|
%preun
|
|
%service_del_preun flatpak-system-helper.service
|
|
|
|
%post
|
|
%service_add_post flatpak-system-helper.service
|
|
|
|
%postun
|
|
%service_del_postun flatpak-system-helper.service
|
|
|
|
%files -f %{name}.lang
|
|
%license COPYING
|
|
%{_bindir}/flatpak
|
|
%{_bindir}/flatpak-bisect
|
|
%{_bindir}/flatpak-coredumpctl
|
|
%{_libexecdir}/flatpak-dbus-proxy
|
|
%{_libexecdir}/flatpak-portal
|
|
%{_libexecdir}/flatpak-session-helper
|
|
%{_libexecdir}/flatpak-system-helper
|
|
%{_datadir}/bash-completion/completions/flatpak
|
|
# # Own dirs so we don't have to depend on dbus for building.
|
|
%dir %{_datadir}/dbus-1
|
|
%dir %{_datadir}/dbus-1/interfaces
|
|
%dir %{_datadir}/dbus-1/services
|
|
%{_datadir}/dbus-1/interfaces/org.freedesktop.Flatpak.xml
|
|
%{_datadir}/dbus-1/interfaces/org.freedesktop.portal.Flatpak.xml
|
|
%{_datadir}/dbus-1/services/org.freedesktop.Flatpak.service
|
|
%{_datadir}/dbus-1/services/org.freedesktop.portal.Flatpak.service
|
|
%{_datadir}/dbus-1/system-services/org.freedesktop.Flatpak.SystemHelper.service
|
|
%{_datadir}/dbus-1/system.d/org.freedesktop.Flatpak.SystemHelper.conf
|
|
# policykit rules
|
|
%{_datadir}/polkit-1/actions/org.freedesktop.Flatpak.policy
|
|
%{_datadir}/polkit-1/rules.d/60-org.freedesktop.Flatpak.rules
|
|
%{_mandir}/man1/%{name}*.1%{ext_man}
|
|
%{_mandir}/man5/flatpak-metadata.5%{ext_man}
|
|
%{_mandir}/man5/flatpak-flatpakref.5%{ext_man}
|
|
%{_mandir}/man5/flatpak-flatpakrepo.5%{ext_man}
|
|
%{_mandir}/man5/flatpak-installation.5%{ext_man}
|
|
%{_mandir}/man5/flatpak-remote.5%{ext_man}
|
|
%{_datadir}/%{name}/
|
|
%config %{_sysconfdir}/profile.d/flatpak.sh
|
|
# Own dirs so we don't have to depend on gdm for building.
|
|
%dir %{_datadir}/gdm/
|
|
%dir %{_datadir}/gdm/env.d/
|
|
%{_datadir}/gdm/env.d/flatpak.env
|
|
%{_unitdir}/flatpak-system-helper.service
|
|
%{_sbindir}/rcflatpak-system-helper
|
|
%{_userunitdir}/flatpak-session-helper.service
|
|
%{_userunitdir}/flatpak-portal.service
|
|
%ghost %dir %{_localstatedir}/lib/flatpak
|
|
%dir %{_userunitdir}
|
|
%dir %{_userunitdir}/dbus.service.d
|
|
%{_userunitdir}/dbus.service.d/flatpak.conf
|
|
|
|
%files -n %{libname}
|
|
%{_libdir}/libflatpak.so.*
|
|
|
|
%files -n typelib-1_0-Flatpak-1_0
|
|
%{_libdir}/girepository-1.0/Flatpak-1.0.typelib
|
|
|
|
%files zsh-completion
|
|
%dir %{_datadir}/zsh/site-functions
|
|
%{_datadir}/zsh/site-functions/_flatpak
|
|
|
|
%files devel
|
|
%{_libdir}/pkgconfig/flatpak.pc
|
|
%{_datadir}/gtk-doc/
|
|
%{_includedir}/%{name}/
|
|
%{_libdir}/libflatpak.so
|
|
%{_datadir}/gir-1.0/Flatpak-1.0.gir
|
|
|
|
%changelog
|